On Sun, 04 Mar 2012 01:36:29 +0200, Jani Nikula wrote: > On Sat, 3 Mar 2012 17:04:22 -0500, Tim Bielawa wrote: > > The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks > > automatic signing in replies. When replies are mml-quoted and signing > > is enabled by default the "<#part sign=pgpmime>" string will appear on > > line 1. This will be consumed during the application of the > > mml-quote-region function and transform into the inert string > > "<#!part sign=pgpmime>". The result is that responses will no longer > > be signed by default. > > > > This fix moves the point forward one line before applying the quoting > > function. > > > > Consideration: Clients not signing mail by default. The first line of > > their responses would be skipped when the quoting function is > > applied. This string takes this general form: > > > > On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request@notmuchmail.org wrote: > > > > Because the string is generated by notmuch I don't believe this fix > > introduces the possibility for malicious mml commands being omitted > > from the quoting. > > Hmm, would it work to mml quote the reply *before* extracting it from > the temp buffer, like below? It would handle not mml quoting the user's > signature too. Completely untested... > > BR, > Jani. > > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > index 4be7c13..13244eb 100644 > --- a/emacs/notmuch-mua.el > +++ b/emacs/notmuch-mua.el > @@ -95,6 +95,9 @@ list." > (goto-char (point-min)) > (setq headers (mail-header-extract))))) > (forward-line 1) > + ;; Original message may contain (malicious) MML tags. We must > + ;; properly quote them in the reply. > + (mml-quote-region (point) (point-max)) > (setq body (buffer-substring (point) (point-max)))) > ;; If sender is non-nil, set the From: header to its value. > (when sender > @@ -116,12 +119,7 @@ list." > (push-mark)) > (set-buffer-modified-p nil) > > - (message-goto-body) > - ;; Original message may contain (malicious) MML tags. We must > - ;; properly quote them in the reply. Note that using `point-max' > - ;; instead of `mark' here is wrong. The buffer may include user's > - ;; signature which should not be MML-quoted. > - (mml-quote-region (point) (mark))) > + (message-goto-body)) > > (defun notmuch-mua-forward-message () > (message-forward) Works great. Passes unit tests. Definitely a better approach than the original patch. > Notmuch test suite complete. > All 381 tests behaved as expected (2 expected failures). +1 from me (this message replied to and signed using the new patch) -- Tim Bielawa